How To: Configure IIS to Use SSL Connections on a WSUS Server to Allow the Import of a Code Signing Certificate

Version 8

Created by cwinning on Apr 24, 2015 11:15 AM. Last modified by cwinning on Sep 1, 2017 9:00 AM.

Purpose

If you have created your code signing certificate using an internal CA, the Shavlik/Ivanti Patch for SCCM plugin gives you the ability to import this certificate via the Patch Settings on the WSUS Server tab. However, to be able to use the import function, a SSL connection to the WSUS server is required . As part of the SSL configuration, another type of Server certificate, a SSL Server Certificate, is needed for the secure communication between the SCCM and the WSUS servers. Before configuring IIS to use SSL on your WSUS server, you need to create a self signed SSL certificate or request a SSL certificate.

Ivanti support does not provide support for Microsoft products such as Configuration Manager, WSUS, or IIS. If you face trouble in setting up these prerequisites to installing or configuring the Shavlik Patch plugin, you should contact Microsoft Support directly.

Description

Before following the steps using the Microsoft Web links below, the IIS role should enabled and functional.

Copy the certificate to your SCCM system(s) that will need to connect to the WSUS server, and ensure that this certificate is imported to the Trusted Root Certification Authorities > Certificates on any of those systems.

The Microsoft links above are provided as a courtesy by Ivanti Support. Any questions or troubleshooting related to Configuration Manager, WSUS, or IIS should be addressed to Microsoft Support.

After the above Microsoft environmental prerequisites are met, configure the Shavlik/Ivanti Patch Plug-in to connect to the WSUS Server over SSL .